CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4714
https://notcve.org/view.php?id=CVE-2012-4714
Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value. Desbordamiento de entero en RNADiagnostics.dll de Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, y CPR9-SR6 permite a atacantes remotos causar una denegación de servicio (interrupción del servicio o la caída del demonio RNADiagReceiver.exe) a través de los datos de UDP que especifica un gran valor entero. • http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4695
https://notcve.org/view.php?id=CVE-2012-4695
LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. LogReceiver.exe de Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, SR2-CPR9, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 y CPR9-SR6 permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un paquete UDP de cero bytes que no se maneja adecuadamente por Logger.dll. • http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-6439
https://notcve.org/view.php?id=CVE-2012-6439
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters. Rockwell Automation EtherNet/IP; productos 1756-ENBT, 1756-EWEB, 1768-ENBT y módulos de comunicación 1768-EWEB; CompactLogix L32E y L35E, 1788-ENBT adaptador FlexLogix ; AENTR 1794-FLEX I/O EtherNet/IP del adaptador; ControlLogix v18 y anteriores; CompactLogix 18 y anteriores; GuardLogix v18 y anteriores; SoftLogix v18 y anteriores; controladores CompactLogix v19 y anteriores; controladores SoftLogix v19 y anteriores; controladores ControlLogix v20 y anteriores, los controladores GuardLogix v20 y anteriores, y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegación de servicio (control y corte de la comunicación) a través de un mensaje CIP que modifica la configuración (1) o (2) los parámetros de red. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf •
CVSS: 7.8EPSS: 93%CPEs: 18EXPL: 0CVE-2012-6438
https://notcve.org/view.php?id=CVE-2012-6438
Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet. Desbordamiento de búfer en Rockwell Automation EtherNet/IP; productos 1756-ENBT, 1756-EWEB, 1768-ENBT y módulos de comunicación 1768-EWEB; CompactLogix L32E y L35E, 1788-ENBT adaptador FlexLogix; AENTR 1794-FLEX adaptador I/O EtherNet/IP; ControlLogix v18 y anteriores; CompactLogix v18 y anteriores; GuardLogix v18 y anteriores; SoftLogix v18 y anteriores; controladores CompactLogix v19 y anteriores; controladores SoftLogix v19 y anteriores; controladores ControlLogix v20 y anteriores, los controladores GuardLogix v20 y anteriores, y MicroLogix 1100 y 1400, permite a atacantes remotos provocar una denegación de servicio (caída NIC y corte de la comunicación) a través de un paquete mal formado CIP. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 93%CPEs: 23EXPL: 0CVE-2012-6442
https://notcve.org/view.php?id=CVE-2012-6442
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset. Los productos Rockwell Automation EtherNet/IP: 1756-ENBT, 1756-EWEB, 1768-ENBT, y los módulos de comunicación 1768-EWEB; CompactLogix L32E y controladores L35E; adaptador 1788-ENBT FLEXLogix; adaptador 1794-AENTR FLEX I/O EtherNet/IP; ControlLogix 18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix 18 y anteriores; controladores CompactLogix 19 y anteriores; controladores SoftLogix 19 y anteriores; controladores ControlLogix 20 y anteriores; controladores GuardLogix 20 y anteriores; y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegación de servicio (control y corte de la comunicación) a través de un mensaje CIP que especifica un reinicio. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf https://tools.cisco.com/security/center/viewAlert.x?alertId=27862 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •